On January 28, 2022, the European Data Protection Board (“EDPB”) initiated a public consultation on its draft Guidelines 01/2022 on data subject rights – Right of access (“draft Guidelines”). Running to 60 pages, the draft Guidelines cover a range of topics relating to the right of access, including analyzing a request; establishing
Right of Access
Brussels Court of Appeal Considers GDPR Rights
In a decision handed down on December 1, 2021, the Brussels Market Court (Court of Appeal) had an opportunity to consider the GDPR right of access. The Belgian Ministry of Finance appealed the Belgian Supervisory Authority’s recent decision requiring the Ministry to grant a complainant access to her financial file and make corrections to the…
12 Eye-Catching Proposals In The UK Government’s Plan To Reform UK Data Protection Law
There have been many headlines today about the UK Government’s plans to reform UK data protection law. We are still reviewing the (near 150-page) consultation document, but set out below a dozen proposals that we thought might pique the interest of readers of our blog.
Continue Reading 12 Eye-Catching Proposals In The UK Government’s Plan To Reform UK Data Protection Law
Dutch Court Decides on Scope of GDPR Right of Access
In late December 2019, the Court of The Hague (Netherlands) published a preliminary reference procedure (see here, in Dutch). The Court was asked to decide on the scope of the right of access under the GDPR.
The defendant in this case was a bailiff involved in the bankruptcy procedure. The individual who was target…
New Research Exposes Perils of Bogus Access Requests Under GDPR, With Implications for CCPA
At the Black Hat conference in Las Vegas last week, a security researcher presented his research on using access rights available under the GDPR for identity theft purposes (slides available here; whitepaper available here). Specifically, the researcher “attempted to steal as much information as possible” about his fiancé by submitting GDPR access requests…
German court decides on the scope of GDPR right of access
In a previous post, this blog reported on German guidance on the scope of the right of access under Art. 15 of the GDPR and in particular on the right to receive a copy. The Supervisory Authority of Hesse region stated that the term “copy” in Art 15 GDPR should not be understood literally but…
German Supervisory Authorities Issue Guidance on Data Subject Rights
Guidance on how to identify data subjects
On July 1, 2019, the Bavarian Supervisory Authority for the public sector (“SA”) published guidance on how to verify the identity of data subjects exercising their data protection rights under the GDPR. The guidance is directed at public bodies, but is also helpful for private entities.
According to…